H3-2022-0079
Credential Dumping - AWS Instance Metadata Service v2
Category | SECURITY_CONTROLS |
Base Score | 5.0 |
Description
The AWS Instance Metadata Service runs on a special internal link-local IP, 169.254.169.254, and hosts configuration for the instance. While the Instance Metadata Service v2 (IMDSv2) is not vulnerable to server-side request forgery (SSRF), it can still be abused by an attacker who has gained remote code execution on the EC2 instance.
Impact
An attacker can obtain AWS access keys from the Metadata Service. An attacker can use these access keys to access AWS cloud services, data, and resources. The breadth of impact depends on the permissions configured with the instance.
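A defender-side check for the impact described above, added here as an example and not part of the original finding: it scans CloudTrail-shaped records for instance-role credentials being used from an address the instance does not normally call AWS from. The `KNOWN_EGRESS` inventory, the helper names and the sample records are constructed assumptions.

```python
import ipaddress
import re

# Assumed inventory (constructed): IPs each instance legitimately calls AWS from.
KNOWN_EGRESS = {"i-0123456789abcdef0": {"203.0.113.10", "10.0.1.25"}}

def _event(time, id_type, principal_id, source, name):
    """Build a CloudTrail-shaped record holding only the fields used below."""
    return {"eventTime": time, "eventName": name, "sourceIPAddress": source,
            "userIdentity": {"type": id_type, "principalId": principal_id}}

# Constructed sample records, not real log data.
ROLE = "AROAEXAMPLEROLEID:i-0123456789abcdef0"
SAMPLE_EVENTS = [
    _event("2022-06-01T12:00:00Z", "AssumedRole", ROLE, "203.0.113.10", "DescribeInstances"),
    _event("2022-06-01T12:05:00Z", "AssumedRole", ROLE, "198.51.100.77", "ListBuckets"),
    _event("2022-06-01T12:06:00Z", "IAMUser", "AIDAEXAMPLEUSERID", "198.51.100.77", "ListBuckets"),
    _event("2022-06-01T12:07:00Z", "AssumedRole", ROLE, "ec2.amazonaws.com", "DescribeVolumes"),
]

# Instance-profile sessions are named after the instance ID (8 or 17 hex digits).
INSTANCE_SESSION = re.compile(r":(i-[0-9a-f]{8}(?:[0-9a-f]{9})?)$")

def instance_id_of(event):
    """Return the instance ID if the caller is an EC2 instance-role session."""
    ident = event.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return None
    match = INSTANCE_SESSION.search(ident.get("principalId", ""))
    return match.group(1) if match else None

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False  # e.g. an AWS service name such as "ec2.amazonaws.com"

def off_instance_use(events, known_egress):
    """Flag instance-role API calls whose source IP is not expected for that instance."""
    findings = []
    for ev in events:
        iid = instance_id_of(ev)
        src = ev.get("sourceIPAddress", "")
        if iid is None or not is_ip(src):
            continue
        # Instances missing from the inventory have no expected IPs, so they are flagged.
        if src not in known_egress.get(iid, set()):
            findings.append((ev["eventTime"], iid, src, ev["eventName"]))
    return findings
```

This only surfaces keys that are used away from the instance; calls made with the same keys from the compromised instance itself come from an expected address and pass this check.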